General

  • Target

    P.O 2.doc

  • Size

    93KB

  • Sample

    231024-gj64yaba2z

  • MD5

    4e3b9b06dc44119372a0dfc65322496b

  • SHA1

    25c6730b491be95674ab3150c84068a39937dafc

  • SHA256

    a5d83f25c675104454de24fe6452127f1e655ebb655a3a8fd5a0d4d057007e51

  • SHA512

    b8dd3a1d4fc74941abec997055f9eac4fca91d40b944072809cdb58192931bb1259acbd7a2c6b82ff64ea730804dcc2ae28a8c22b75e6ec785ac4babac215d45

  • SSDEEP

    768:HwAbZSibMX9gRWjUNmsed3ACGvG9WSRjZzgIOw//Nq6dSAMw:HwAlR0sq3A5GgCDOw/06Cw

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy30

Decoy

rfc234.top

danielcavalari.com

elperegrinocabo.com

aryor.info

surelistening.com

premium-numero-telf.buzz

orlynyml.click

tennislovers-ro.com

holdmytracker.com

eewapay.com

jaimesinstallglass.com

damactrade.net

swapspecialities.com

perfumesrffd.today

salesfactory.pro

supportive-solutions.com

naiol.com

khoyr.com

kalendeargpt44.com

web-tech-spb.store

Targets

    • Target

      P.O 2.doc

    • Size

      93KB

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks